Review of Secrets and Lies
There are a lot of misconceptions about computer security, and a lot of unrealistic expectations about what is and is not possible. The truth is that completely reliable computer systems are impossible to achieve, and secure computer and networking systems are equally impossible. When this is understood, one is, at last, in a position to recognize risk and manage it.
Secrets and Lies gives the clearest explanation we have yet seen of the fundamental problems faced when dealing with technology. If you are responsible, directly or indirectly, for data security, you need to understand that it is impossible to make a program that is error-free. In addition, as programs become larger, more complex, and more connected with other programs on other machines, they become even more prone to errors, including errors caused by interactions among systems.
Once you recognize this, it becomes clearer that the approach to dealing with security issues in computers is the same approach needed in all other areas of security, which is to say one of risk management. This means that while you need to keep current on security patches, mere technology will not keep you safe. As with other areas, you must also rely on active monitoring of the activity on your machines, and on being proactive in case of attack.
Secrets and Lies will, in our opinion, give you a very good overview of the philosophical state of the art. It is, as an added benefit, quite readable. If you haven’t read this book, do so.